“The intent is to deal with large data breaches such as the Equifax data breach, the Home Depot, Uber data breaches,” Filippi said. “It seeks to require companies that have these large databases which have been breached where data is potentially being sold on the dark web, it mandates that they notify their customers.”

“This one doesn’t specify,” Filippi said. “It’s a reasonable promptness, so the way we interpret it, is that it would require a much quicker turnaround by the company than the 45 days in existing law.”

Parties who violate the state Identity Theft Protection Act of 2015 are subject to a $100 per record penalty. Filippi’s legislation has a $150,000 per-breach penalty.

“There needs to be protections in state law, protections with teeth, that make it painful for companies that would try and hide that data was stolen,” he said.

A spokesperson for Rhode Island Attorney General Peter Kilmartin said the office has not had a chance to review Filippi’s legislation to understand how it would work with existing law.